Publication Details

Extraction of Information from .NET Executable Files

MILKOVIČ Marek. Extraction of Information from .NET Executable Files. In: Sborník příspěvků Mezinárodní Masarykovy konference pro doktorandy a mladé vědecké pracovníky 2017. Hradec Králové: Akademické sdružení MAGNANIMITAS Assn., 2017, pp. 1-9. ISBN 978-80-87952-22-1.
Czech title
Extrakce informací ze spustitelných souborů ve formátu .NET
Type
conference paper
Language
English
Authors
Milkovič Marek, Ing. (DIFS FIT BUT)
Keywords

reverse engineering, executable files, .NET, type reconstruction, typelib

Abstract


The occurrence of malicious software written in .NET languages is rapidly increasing. Extracting information from .NET executable files is therefore a necessary step in fighting this kind of malware. In this paper, we propose methods for extracting information from .NET executable files that are safe and platform independent. These methods include data type reconstruction, but also extraction of unique features such as the TypeLib identifier or the Module Version identifier. We also point out mistakes that have been made in this field so far. After implementing the proposed methods, we compare them with already existing .NET disassemblers, yielding very good results. The extracted information is planned to be used in the creation of detection patterns, clustering and other areas at Avast Software.

Published
2017
Pages
1-9
Proceedings
Sborník příspěvků Mezinárodní Masarykovy konference pro doktorandy a mladé vědecké pracovníky 2017
Conference
International Masaryk Conference for Ph.D. Students and Young Researchers 2017, Brno, CZ
ISBN
978-80-87952-22-1
Publisher
Akademické sdružení MAGNANIMITAS Assn.
Place
Hradec Králové, CZ
BibTeX
@INPROCEEDINGS{FITPUB11564,
   author = "Marek Milkovi\v{c}",
   title = "Extraction of Information from .NET Executable Files",
   pages = "1--9",
   booktitle = "Sborn\'{i}k p\v{r}\'{i}sp\v{e}vk\r{u} Mezin\'{a}rodn\'{i} Masarykovy konference pro doktorandy a mlad\'{e} v\v{e}deck\'{e} pracovn\'{i}ky 2017",
   year = 2017,
   location = "Hradec Kr\'{a}lov\'{e}, CZ",
   publisher = "Akademick\'{e} sdru\v{z}en\'{i} MAGNANIMITAS Assn.",
   ISBN = "978-80-87952-22-1",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/11564"
}